sendmail服务器配置
来源:互联网 发布:fluent软件下载 编辑:程序博客网 时间:2024/05/17 17:41
sendmail服务器配置:
/etc/aliases sendmail别名数据库
/etc/mail/sendmail.cf sendmail主要配置文件
/etc/mail/sendmail.mc sendmail宏配置文件
/etc/mail/access sendmail数据库
/etc/mail/local-host-names sendmail本地域别名文件
/etc/mail/virtusertable sendmail虚拟用户数据库
senmail带PAM认证需要如下的安装包
imap
sendmail
m4
cyrus-sasl
cyrus-sasl-md5
cyrus-sasl-plain
cyrus-sasl-gssapi
divert(-1)dnl
ds is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
1、define(QUEUE_DIR,`/var/spool/mqueue/q*')dnl 这一行是需要添加的内容,建立队列目录
2、TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl 该行使sendmail不管access文件中如何设置,都能 relay 那些通过EXTERNAL, LOGIN, PLAIN, CRAM-MD5或DIGEST-MD5等方式验证的邮件(这两行在sendmail.mc文件中已经存在,只要去掉前面的dnl #就可以)
3、define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl 该行确定系统的认证方式
4、dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl 该行加上注释dnl #,以便让sendmail可以侦听所有网络设备,为整个网络提供服务,而不仅仅只对本机提供服务
5、dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl 该行去掉行首的注释符,并且将内容修改成Port=25: DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
在smtp的默认端口(25)上进行认证,而不是587端口。这样就强制所有使用该邮件服务器进行邮件转发的用户在认证后才能发邮件了。
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf 用m4重新生成sendmail.cf文件
cd /var/spool/mqueue
mkdir q1 q2 q3 q4 q5 q6 打开了多个队列,现在我们在/var/spool/mqueue/下创建任意多个队列目录
vi /etc/mail/local-host-names 添加件服务器使用的邮箱名加进去,比如邮箱为:xxx@abc.com.cn则将abc.com.cn加入到该文件中
vi /etc/mail/access 清空access文件中的除#以外的所有内容
makemap hash /etc/mail/access.db < /etc/mail/access 保证对有所要发送的邮件进行验证
vi /etc/mail/localhost 输入jtomron.com hyron.com
mkdir maillist 创建邮件列表目录
cd maillist 在该目录下创建各个邮件列表的文件
newaliases 使设置的邮件列表生效
/etc/rc.d/init.d/sendmail restart
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'
220 localhost.localdomain ESMTP Sendmail 8.12.8/8.12.8; Wed, 12 May 2004 15:57:01 +0800
ehlo localhost
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI LOGIN PLAIN
250-DELIVERBY
250-HELP
quit 在AUTH后面有LOGIN就基本上可以在OutlookExpress上认证了
这个配置方式采用linux的PAM认证
/etc/aliases 文件使用说明
查看aliases文件命令:praliases命令可以查看/etc/aliases文件
/etc/aliases数据库主要改写如站地址,不能改写出站地址
要使用别名功能,必须确保在mc文件中该行使用:define(`ALIAS_FILE',`/etc/aliases')dnl
/etc/aliases文件是一个文本文件,格式为:alias:recipient[,recipient, ...]
alias:邮件地址中的用户名
recipient:是实际上接受该邮件的用户
定义别名的作用:
1、为单个用户设置别名:
wujie:wildline
andrew:fuxueran
2、利用别名来保护登陆帐号,系统管路员可以使用别名来保护合法用户的帐号不被泄漏
假设我在210.22.128.203上有个系统帐号为wujie(可以使用wujie@hryon.com),而对外的电子邮件帐号可以是wildline,就需要如下设置
wildline:wujie
3、将发给特殊用户的邮件转发给实际用户
mail-daemon:wujie
root:wujie
4、实现邮件列表
net-adm:wujie,andrew 可以通过发送给net-adm@hyron.com一下子发给wujie和andrew多个用户修改完后用newaliases命令重新创建/etc/aliases生成该数据库
该设置也可以设置为
mkdir /etc/mail/maillist
vi /etc/mail/maillist/net-adm
在net-adm文件中输入该邮件列表的用户名:wujie andrew
vi /etc/aliases
net-adm::include:/etc/mail/maillist/net-adm
newaliases
5、转发邮件
wujie:wildline@smartwintech.com 这样发给wujie@hyron.com的邮件就自动转发到了wildline@smartwintech.com邮箱中了!
/etc/mail/virtusertable数据库说明:
要使用虚拟域功能,必须确保在mc文件中该行使用:FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
虚拟域用户的文件缺省为/etc/mail/virtusertable.db,它用/etc/mail/virtusertable文件生成,格式为:虚拟域地址 真是地址(中间用tab键分开)
someone@otherdomain.com localuser 发送给someone@otherdomain.com的邮件现在要发送给本级的用户localuser
@testdomain.com test@mydomain.com 所有发往***@testdomain.com的邮件都会被发送到test@mydomain.com
@testdomain.com %1@mydomain.com user1@testdomain.com的邮件发给user1@mydomain.com,user2@testdomain.com的邮件发给user2@mydomain.com
@testdomain.com %1test@mydomain.com user1@testdomain.com的邮件发给user1test
@mydomain.com,user2@testdomain.com的邮件发给user2test@mydomain.com
然后建立新的数据库:makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertabl
设置虚拟域用户能够工作有以下的前提:
(1)配置DNS,并设置虚拟域的MX记录
(2)将所有的虚拟域田间到文件/etc/mail/local-host-names中作为本地域别名
(3)将所有的虚拟域添加到文件/etc/mail/access并允许RELAY
使用/etc/access数据库
/etc/access数据库可以用来防止smtp转发功能被滥用
要使用该数据库,必须确保在mc中一下两行被使用:FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
/etc/mail/access.db是一个散列数据库,它是用/etc/mail/access产生出来的,/etc/mail/access是纯文本文件,格式为:<地址> <操作>中间以空格做为分隔符
地址字段
domain yourdomain.com *.yourdomain.com (域内所有主机)
ipaddress 192.168.12 192.168.12.*即该网段内所有主机
192.168.1.1 特定的主机
username@domain someone@somedomain.com 一个特定的邮件地址
username@ someone@ 用户名为someone的邮件
操作地段
0K 无条件接受或发送
RELAY 允许SMTP代理投递
REJECT 拒绝接受并发布错误信息
DISCARD 丢弃邮件,勿错误信息发布
用makemap hash /etc/mail/access.db < /etc/mail/access
/etc/aliases sendmail别名数据库
/etc/mail/sendmail.cf sendmail主要配置文件
/etc/mail/sendmail.mc sendmail宏配置文件
/etc/mail/access sendmail数据库
/etc/mail/local-host-names sendmail本地域别名文件
/etc/mail/virtusertable sendmail虚拟用户数据库
senmail带PAM认证需要如下的安装包
imap
sendmail
m4
cyrus-sasl
cyrus-sasl-md5
cyrus-sasl-plain
cyrus-sasl-gssapi
divert(-1)dnl
ds is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
1、define(QUEUE_DIR,`/var/spool/mqueue/q*')dnl 这一行是需要添加的内容,建立队列目录
2、TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl 该行使sendmail不管access文件中如何设置,都能 relay 那些通过EXTERNAL, LOGIN, PLAIN, CRAM-MD5或DIGEST-MD5等方式验证的邮件(这两行在sendmail.mc文件中已经存在,只要去掉前面的dnl #就可以)
3、define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl 该行确定系统的认证方式
4、dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl 该行加上注释dnl #,以便让sendmail可以侦听所有网络设备,为整个网络提供服务,而不仅仅只对本机提供服务
5、dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl 该行去掉行首的注释符,并且将内容修改成Port=25: DAEMON_OPTIONS(`Port=25, Name=MSA')dnl
在smtp的默认端口(25)上进行认证,而不是587端口。这样就强制所有使用该邮件服务器进行邮件转发的用户在认证后才能发邮件了。
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf 用m4重新生成sendmail.cf文件
cd /var/spool/mqueue
mkdir q1 q2 q3 q4 q5 q6 打开了多个队列,现在我们在/var/spool/mqueue/下创建任意多个队列目录
vi /etc/mail/local-host-names 添加件服务器使用的邮箱名加进去,比如邮箱为:xxx@abc.com.cn则将abc.com.cn加入到该文件中
vi /etc/mail/access 清空access文件中的除#以外的所有内容
makemap hash /etc/mail/access.db < /etc/mail/access 保证对有所要发送的邮件进行验证
vi /etc/mail/localhost 输入jtomron.com hyron.com
mkdir maillist 创建邮件列表目录
cd maillist 在该目录下创建各个邮件列表的文件
newaliases 使设置的邮件列表生效
/etc/rc.d/init.d/sendmail restart
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'
220 localhost.localdomain ESMTP Sendmail 8.12.8/8.12.8; Wed, 12 May 2004 15:57:01 +0800
ehlo localhost
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI LOGIN PLAIN
250-DELIVERBY
250-HELP
quit 在AUTH后面有LOGIN就基本上可以在OutlookExpress上认证了
这个配置方式采用linux的PAM认证
/etc/aliases 文件使用说明
查看aliases文件命令:praliases命令可以查看/etc/aliases文件
/etc/aliases数据库主要改写如站地址,不能改写出站地址
要使用别名功能,必须确保在mc文件中该行使用:define(`ALIAS_FILE',`/etc/aliases')dnl
/etc/aliases文件是一个文本文件,格式为:alias:recipient[,recipient, ...]
alias:邮件地址中的用户名
recipient:是实际上接受该邮件的用户
定义别名的作用:
1、为单个用户设置别名:
wujie:wildline
andrew:fuxueran
2、利用别名来保护登陆帐号,系统管路员可以使用别名来保护合法用户的帐号不被泄漏
假设我在210.22.128.203上有个系统帐号为wujie(可以使用wujie@hryon.com),而对外的电子邮件帐号可以是wildline,就需要如下设置
wildline:wujie
3、将发给特殊用户的邮件转发给实际用户
mail-daemon:wujie
root:wujie
4、实现邮件列表
net-adm:wujie,andrew 可以通过发送给net-adm@hyron.com一下子发给wujie和andrew多个用户修改完后用newaliases命令重新创建/etc/aliases生成该数据库
该设置也可以设置为
mkdir /etc/mail/maillist
vi /etc/mail/maillist/net-adm
在net-adm文件中输入该邮件列表的用户名:wujie andrew
vi /etc/aliases
net-adm::include:/etc/mail/maillist/net-adm
newaliases
5、转发邮件
wujie:wildline@smartwintech.com 这样发给wujie@hyron.com的邮件就自动转发到了wildline@smartwintech.com邮箱中了!
/etc/mail/virtusertable数据库说明:
要使用虚拟域功能,必须确保在mc文件中该行使用:FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
虚拟域用户的文件缺省为/etc/mail/virtusertable.db,它用/etc/mail/virtusertable文件生成,格式为:虚拟域地址 真是地址(中间用tab键分开)
someone@otherdomain.com localuser 发送给someone@otherdomain.com的邮件现在要发送给本级的用户localuser
@testdomain.com test@mydomain.com 所有发往***@testdomain.com的邮件都会被发送到test@mydomain.com
@testdomain.com %1@mydomain.com user1@testdomain.com的邮件发给user1@mydomain.com,user2@testdomain.com的邮件发给user2@mydomain.com
@testdomain.com %1test@mydomain.com user1@testdomain.com的邮件发给user1test
@mydomain.com,user2@testdomain.com的邮件发给user2test@mydomain.com
然后建立新的数据库:makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertabl
设置虚拟域用户能够工作有以下的前提:
(1)配置DNS,并设置虚拟域的MX记录
(2)将所有的虚拟域田间到文件/etc/mail/local-host-names中作为本地域别名
(3)将所有的虚拟域添加到文件/etc/mail/access并允许RELAY
使用/etc/access数据库
/etc/access数据库可以用来防止smtp转发功能被滥用
要使用该数据库,必须确保在mc中一下两行被使用:FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
/etc/mail/access.db是一个散列数据库,它是用/etc/mail/access产生出来的,/etc/mail/access是纯文本文件,格式为:<地址> <操作>中间以空格做为分隔符
地址字段
domain yourdomain.com *.yourdomain.com (域内所有主机)
ipaddress 192.168.12 192.168.12.*即该网段内所有主机
192.168.1.1 特定的主机
username@domain someone@somedomain.com 一个特定的邮件地址
username@ someone@ 用户名为someone的邮件
操作地段
0K 无条件接受或发送
RELAY 允许SMTP代理投递
REJECT 拒绝接受并发布错误信息
DISCARD 丢弃邮件,勿错误信息发布
用makemap hash /etc/mail/access.db < /etc/mail/access
- sendmail服务器配置
- 安装配置sendmail服务器
- sendmail 配置SMTP服务器
- 配置 sendmail 服务器
- 内网配置sendmail服务器
- RHCE Sendmail 邮件服务器配置
- centos sendmail 邮件服务器配置
- 在RHFC3下配置sendmail服务器
- rhel5 sendmail服务器详细配置文档
- sendmail +apache+openwebmail邮件服务器安装配置
- RHEL5.7下的sendmail服务器配置
- 配置简单带认证的Sendmail服务器 (
- 快速安装配置sendmail服务器的脚本
- rhel5 sendmail邮件服务器简单安装配置
- windows下服务器配置sendmail发邮件
- Linux配置邮件服务器sendmail +dovecot
- Windows下面配置sendmail邮件服务器
- Sendmail邮件服务器搭建与配置笔记
- 我的第一篇,for test only
- VB中 0、""(空字串)、Null、Empty、与 Nothing 的区别
- 助動詞ーない
- 电脑耳机有电流声如何解决?
- 456545454
- sendmail服务器配置
- SQLServer和Oracle的常用函数对比
- 另外一种WebService的用户验证方式---使用验证票
- debian安装小记
- JSP内建对象概述
- Turbine Training
- 获取checkbox值
- ASP.NET常用代码
- Asp.Net细节性问题精萃
